MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfd46988939b2189c6eb53ddb2301c8db6bab26aecdcce8b174a957dd7246f8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 6



SHA256 hash: bfd46988939b2189c6eb53ddb2301c8db6bab26aecdcce8b174a957dd7246f8b
SHA3-384 hash: 1399d93918b752e79b7ee2f53773c4808669d4157703926afbec05785b76e83940e817d446d9b780cc0c4d915f37b90e
SHA1 hash: 4811a42d3aa421b6c3afe1017ba07b349e57dd27
MD5 hash: f58ee1d685c90fac466407f480ec5d33
humanhash: colorado-pizza-october-ohio
File name: f58ee1d685c90fac466407f480ec5d33.dll
Signature: ZLoader
File size: 667'648 bytes
First seen: 2020-10-26 16:20:21 UTC
Last seen: 2020-10-26 17:51:53 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: a13dae0050f22f74cee8b2afceab7f1c (1 x ZLoader)
ssdeep: 12288:8rABnSYuM6Z0HU685jq8uGAeCL0qS/esxnBa7ad4BTHtITPPeIQaF1E/Xd735VQ1:8rgSd5jneHsxB0HgPNQarEfR/
TLSH: F2E4F1117682D079C03E993ACDA8D4FE4699BD28EE3449D736C43F6F3E325414A2DA27
Reporter: abuse_ch
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
Creating a file in the %temp% directory
Delayed writing of the file
Delayed reading of the file
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Binary contains a suspicious time stamp
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2020-10-26 16:22:10 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader    DLL dll    bfd46988939b2189c6eb53ddb2301c8db6bab26aecdcce8b174a957dd7246f8b (this sample)

Delivery method: Distributed via web download

Comments